Daily Tech Digest - October 08, 2023

How AI is enhancing anti-money laundering strategies for improved financial security

Financial institutions collect massive volumes of transactional data daily, making it impractical for human experts to review each transaction for signs of money laundering manually. AI systems, on the other hand, can efficiently process this data, flagging transactions that exhibit unusual patterns or deviate from established norms. These AI systems utilise advanced algorithms to develop customer behavior profiles, creating a baseline against which future transactions can be compared. Any deviation from the norm, such as sudden large transfers, frequent cash deposits, or transactions with high-risk jurisdictions, triggers an alert for further investigation. This allows institutions to focus their resources on genuinely suspicious activities rather than drowning in false positives. Analysing data to recognise suspicious activities: AI algorithms excel at analysing enormous datasets, identifying hidden patterns and correlations that could signify money laundering activities. By examining transaction history and customer behavior, AI-enabled tools can uncover links between seemingly unrelated events.

Record Numbers of Ransomware Victims Named on Leak Sites

At current levels, 2023 is on course to be the biggest year on record for victim naming on so-called ‘name and shame’ sites since this practice began in 2019. It is expected the 10,000th victim name was posted to leak sites in late summer 2023, but this has not yet been confirmed by Secureworks. ... The 2023 report found that ransomware median dwell time was under 24 hours, representing a dramatic fall from 4.5 days during the previous 12 months. In 10% of cases, ransomware was deployed within five hours of initial access. Smith believes this trend is due to improved cyber detection capabilities, with cyber-criminals speeding up their operations to reduce the chances of being stopped before deploying ransomware. “As a result, threat actors are focusing on simpler and quicker to implement operations, rather than big, multi-site enterprise-wide encryption events that are significantly more complex. But the risk from those attacks is still high,” commented Smith.

Cloud backup and disaster recovery evolve toward maturity

At the end of the day, backup as a service is kind of just that. It operates like a regular backup application, using a schedule and point-in-time backups. DRaaS is more about failing over if something comes up as a disaster recovery process. It's designed to replicate or restore data environments automatically; it doesn't transform data in the same sense that a backup may have a particular data format. DRaaS is about moving the data from point A to point B and being able to get back to it as quickly as possible, especially in the context of a failover. ... But with the flexibility that cloud data protection affords, a lot of these solutions can essentially get updated whenever you log on because they're SaaS-based. Also, there's so much data in the cloud now and lots of investment in digital transformation, new platforms and cloud-native applications, which is triggering some rethinking of cloud data protection strategies. All of this I think is shortening the review cycles. It's actually a domino effect: Data protection follows data production. 

Mitigating Security Fatigue: Safeguarding Your Remote Team Against Cyberthreats

It’s easy for remote workers to feel disconnected from their teams and employers, which is why it’s important to keep communication consistent. Having the right collaboration tools can make all the difference in keeping remote workers engaged and more likely to follow security protocols. Video calls can help team members meet face-to-face, reducing miscommunication and misunderstandings. It’s also important to have an easy way to collaborate on projects so everyone can stay on the same page and work moves forward efficiently. Of course, any technology you use should be easy to use and easy to keep secure. With the right communication tools, your remote team members can collaborate effectively, stay connected with team members, and generally remember that they aren’t at home alone — they belong to a larger organization. This feeling of connection will encourage and remind them to implement the company’s security standards even though they work from home. As remote work becomes more popular, the need for strong security practices becomes even more vital. 

One might be inclined to believe (from the Trellix example) that the returns and competitive business risks of adopting and not adopting AI in cyber-security processes are quite high from a sales perspective. This point can be rationalised by seminal academic theory in the strategic management sciences. Based on insights from the widely popular Five Forces strategy model by Michael Porter of the Harvard Business School, the threat of new entrants (Trellix competitors), product substitutes (competitor products churned from AI-driven platforms like HVS), high bargaining power of customers (clients of Trellix-like products), and low bargaining power of suppliers (Trellix) should push enterprises to necessarily adopt AI as a cyber-security strategy to boost sales. ... On top of everything, AI as a business strategy for the modern IT/OT-driven business ecosystems has the potential to adhere very well with certain elements of the seminal Eight-Fold strategy proposed by Michael Cusumano of the MIT Sloan School of Management for software-driven businesses

How to Stay Ahead of the Regulatory Curve with Robust Data Governance?

Establishing a data governance culture requires the right combination of people, process, and technology. Defining the right roles and responsibilities (people) and developing the right data governance framework (process) are steps in the right direction. But without the right tools (technology), it becomes difficult at best for a data governance culture to succeed. A data catalog is a critical tool for organizations looking to establish a data governance culture. It gives business users, many of whom are not data experts, clarity on data definitions, synonyms, and essential business attributes so they can understand and use their data more effectively. Data catalogs show who owns the data, allowing for greater collaboration across the business. They provide a self-service way for everyone in the organization to find the data they need and turn what used to be tribal knowledge into useful and accessible information that they can use to make better business decisions.

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

No firm can achieve operational resilience purely on its own. Intelligence sharing within the global financial community helps firms understand current and emerging threats and learn how others are mitigating them. It keeps larger institutions at the forefront of cybersecurity while arming smaller firms with knowledge and tools to protect themselves. It is so critical to operational resilience that DORA dedicates an entire article to it. Beyond regulation, the public sector is also increasingly collaborating with the private sector to protect critical infrastructure, which includes the financial sector. Around the world, organizations including the US Treasury Department's Hamilton Series and NATO's Locked Shields regularly conduct large-scale exercises to test that communication and coordination channels will function efficiently during major incidents. The goal is not only to minimize operational disruption but to proactively maintain public calm and trust. Operational risks are no longer geographically bound. Cross-border intelligence sharing and exercises help financial institutions build a comprehensive approach to operational resilience.

The Top 10 Hurdles to Blockchain Adoption

One of the most significant factors that has made blockchain adoption more difficult is the overall age of the average person using banking services. Unlike previous generations, the current demographic in the world is older than ever. Advancements in healthcare and other factors have increased life expectancy in most regions of the world. ... Energy consumption issues remain a top problem in the market. Conservationists have repeatedly pointed out that networks that leverage the Proof-of-Work consensus algorithm are power-hungry. The reason for this consumption is that the PoW system requires users to exercise their computational power as part of the validation structure. To combat these issues, there has been a steady migration of mining farms to renewables. ... Another issue that has held back blockchain adoption is the lack of supportive legislation for these projects. When there is a lack of governmental support, financial institutions are wary of joining an industry. The main reason for the concern is that they fear later regulatory pushback.

Redefining the Framework of Innovation

The impact of ecosystems on digital disruption today does draw sharp parallels to another important technological evolution. Specifically, it brings to mind the evolution of manufacturing and distribution technology which enabled the transition from vertical integration to multi-tier supply networks. The twist is ecosystem models look forward, not back in the value chain, enabling entire new value chains. However, while there are many clear benefits of ecosystems, these business models are contractually, logistically, and commercially complex. This is especially true when you factor in the challenges of partnering with early-stage tech companies. So, where should leaders begin when considering a partnership or alliance? Take inventory of your most critical innovation paths and evaluate them against the ecosystem model. Key criteria may include needs for outside expertise and intellectual capital, a reduction in capital risk and accelerated innovation delivery to the market. Focus time and resources on selecting the right ecosystem partner. 

Identifying The Right Risk Appetite For Your Business

While risk appetite has a traditional outlook, risk tolerance (or impact tolerance) helps companies move closer to the path of resilience. If risk appetite tells us how much risk an organization can take, risk tolerance indicates how much risk an organization "wants" to take in numbers. Essentially, tolerances are defined losses that an organization is willing to incur in meeting an objective. Every decision bears risks. If a business accepts risk or incurs loss due to a risk event that exceeds the agreed-upon risk appetite and tolerance levels, then serious fiscal, legal and reputational consequences can occur. For this reason, risk appetite should be reevaluated and reconciled whenever changes occur to strategic initiatives or the business environment. ... Risk appetite as a concept is not new, but what is trending is linking them to resilience programs so that organizations take the right amount of risk to meet business objectives while ensuring sustainability, employee health and safety and stakeholder well-being.

Quote for the day:

"The secret of success in life is for a man to be ready for his opportunity when it comes." -- Benjamin Disraeli

No comments:

Post a Comment